[BUG] Account delete does not purge server-side host records, causing sync v2 failures on re-registration

[mo-faruque]

Description:

When deleting an Atuin account and re-registering with the same email, orphaned encrypted records from old host IDs remain on the server and get re-associated with the new account. This breaks sync v2.

Steps to Reproduce:

1. Create account with email X
2. Use Atuin on multiple machines (each generates unique host ID + encryption key)
3. Delete account with atuin account delete
4. Register new account with same email X
5. Run atuin sync

Expected Behavior:
account delete should purge all server-side data:

• Account credentials
• All host ID associations
• All encrypted records from all hosts

Actual Behavior:

• Account credentials deleted
• Host records persist on server
• On re-registration, old host records get re-associated
• Sync v2 tries to download records encrypted with old keys → decryption fails

Error Logs:

$ atuin sync
Error: attempting to decrypt with incorrect key. currently using k4.lid.1X7bvUxMa59sfvf0yGdgRegCAz21-48bQL2xTNHNhKb_,
expecting k4.lid.sMbdpgXZT-GNPKCgZbtmFYZ9A2NwpPpCtpNU3w4KRLo9

Location:
atuin-client/src/record/encryption.rs:132:9

Downloading 51 records from 019031f9c8d3717e837e357b8dbcc4b2/history
Downloading 116 records from 0190324c90107ebc9e571ddcc5ec644d/history
Downloading 336 records from 01905170123e7f6190bf2c8c466181d6/history

Store Status (showing orphaned hosts):
$ atuin store status
host: 019031f9-c8d3-717e-837e-357b8dbcc4b2
store: history
idx: 51
created: 2024-06-19

host: 0190324c-9010-7ebc-9e57-1ddcc5ec644d
store: history
idx: 116
created: 2024-06-19

host: 01905170-123e-7f61-90bf-2c8c466181d6
store: history
idx: 336
created: 2024-06-25

host: 018fa93a-a518-70b4-b693-30e0d4609469 # <-- current host, works fine
store: history
idx: 13503
created: 2025-11-27

Purge only removes local copies:
$ atuin store purge
Purging local records that cannot be decrypted
Failed to decrypt 019031fa-3369-748b-b006-e3a916c56c8e, deleting
Failed to decrypt 019031fb-e2fc-7030-8f8c-8a28403da39d, deleting
... (hundreds of records)
Local store purge completed OK

$ atuin sync

Same error - server re-downloads the orphaned records

Workaround:
Set records = false in ~/.config/atuin/config.toml to use sync v1.

Questions:

1. Is this a bug, or intended behavior?
2. Can orphaned host records be purged server-side for affected users?
3. Should there be a user-facing command to delete specific host records from the server?

Environment:

• Atuin v18.2.0 / v18.10.0
• Linux

[ellie]

We do delete the records, however the database is now very large so it is not instant. Is there any reason to delete and recreate the account right after?

Additionally, please provide the output of atuin doctor

see:

atuin/crates/atuin-server-postgres/src/lib.rs

Lines 389 to 427 in 0f05e0e

	async fn delete_user(&self, u: &User) -> DbResult<()> {
	sqlx::query("delete from sessions where user_id = $1")
	.bind(u.id)
	.execute(&self.pool)
	.await
	.map_err(fix_error)?;
	sqlx::query("delete from history where user_id = $1")
	.bind(u.id)
	.execute(&self.pool)
	.await
	.map_err(fix_error)?;
	sqlx::query("delete from store where user_id = $1")
	.bind(u.id)
	.execute(&self.pool)
	.await
	.map_err(fix_error)?;
	sqlx::query("delete from user_verification_token where user_id = $1")
	.bind(u.id)
	.execute(&self.pool)
	.await
	.map_err(fix_error)?;
	sqlx::query("delete from total_history_count_user where user_id = $1")
	.bind(u.id)
	.execute(&self.pool)
	.await
	.map_err(fix_error)?;
	sqlx::query("delete from users where id = $1")
	.bind(u.id)
	.execute(&self.pool)
	.await
	.map_err(fix_error)?;
	Ok(())
	}

[mo-faruque]

Thanks for the response.
I had Atuin set up on multiple machines over time. Each machine generated its own unique host ID and encryption key. I didn't realize I needed to copy the same encryption key to each machine, so each one created its own unique key.

What the server had:

├── Host 019031f9... → 51 records encrypted with Key A
├── Host 0190324c... → 116 records encrypted with Key B
├── Host 01905170... → 336 records encrypted with Key C
└── Host 018fa93a... → 13,503 records encrypted with Key D (my current key)

All 4 hosts were linked to my account.

Why I deleted my account:

Syncing was giving me the same decryption error. I couldn't sync because my current key couldn't decrypt records from other hosts. I deleted the account, hoping to start fresh and fix the sync issue.

After recreating a new account with the same email address, the same error was returned. The old host records were still there.

To answer your question, there was approximately 1-2 minutes between the deletion and re-registration. If the deletion is asynchronous or delayed, that would explain why the old host records reappeared.

atuin doctor output:
atuin:
version: 18.2.0
sync:
cloud: true
records: false
auto_sync: true
last_sync: 2025-11-28 4:59:01.689219834 +00:00:00
shell:
name: zsh
default: unknown
plugins:
- atuin
system:
os: Ubuntu
arch: x86_64
version: '22.04'

Questions:

1. Can the orphaned host records be purged from my current account so I can use sync v2?
2. How long should I wait between delete and re-register?
3. Is there a way for users to delete specific host records from the server?